[rust-dev] Integer overflow, round -2147483648

John Regehr regehr at cs.utah.edu
Mon Jun 23 12:15:16 PDT 2014

> Using checked overflow will
> reduce the performance of most code with non-trivial usage of integer
> arithmetic by 30-70%.

No, this view is overly pessimistic.

The last time we checked, Clang with the integer sanitizer turned on had 
a little less than 30% overhead for SPEC CINT 2006, on average.  Here 
are the actual slowdowns:

   400.perlbench       42.8%
   401.bzip2           44.4%
   403.gcc             12.7%
   429.mcf             11.3%
   445.gobmk           42.0%
   456.hmmer           36.5%
   458.sjeng           36.7%
   462.libquantum      36.9%
   464.h264ref         122.0%
   471.omnetpp         4.8%
   473.astar           16.1%
   483.xalancbmk       12.4%
   433.milc            22.7%
   444.namd            15.5%
   447.dealII          52.5%
   450.soplex          17.5%
   453.povray          11.0%
   470.lbm             13.3%
   482.sphinx3         34.3%

This was on some sort of Core i7.

Now consider that:

- This isn't only checking for signed overflows, it's checking for lossy 
casts, shift past bitwidth, etc. -- the average overhead goes down to 
20% if we only check for C/C++ undefined behaviors

- LLVM does a crap job in removing overflow checks; there's a ton of 
room for improvement, and I believe this will start happening now due to 

- We designed the integer sanitizer to be a debugger, not a production 
tool, it has precise exception semantics which suppresses a lot of 
integer optimizations; a more relaxed exception model like AIR/Ada would 
permit most of LLVM's integer optimizations to keep working

John Regehr

More information about the Rust-dev mailing list